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(54) Apparatus and methods for user Identification to deny access or service to unauthorized 
users 



(57) Apparatus for preventing unauthorized use of 
a voice dialing system and, particularly, a call forwarding 
feature associated with the system whereby system us- 
ers may forward a telephone number respectively asso- 
ciated therewith to a remote location in order to receive 
phone calls at the remote location, comprises: a data- 
base for pre-storing telephone numbers of system users 
and for pre-storing acoustic models respectively repre- 
sentative of speech associated with each system user, 
the acoustic models respectively corresponding to the 



telephone numbers; and a speaker identification mod- 
ule operatively coupled to the database for obtaining 
and decoding a speech sample from a potential system 
user during the potential users' attempt to make a tele- 
phone call, the speaker identification module comparing 
the decoded speech sample obtained with the pre- 
stored acoustic model associated with the telephone 
number dialed by the potential user; whereby if the de- 
coded speech sample substantially matches the p re- 
stored acoustic model, then the phone call attempted by 
the potential user is terminated. 
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Description 

[0001 ] The present invention relates to apparatus and 
methods for user identification to deny access or service 
to unauthorized users and, more particularly, to appara- s 
tus and methods for speaker identification to deny ac- 
cess of a user to a voice dialing system for unauthorized 
purposes such as abusing a call forwarding service. 
[0002] It is known that some voice dialing systems 
have a call forwarding or follow-me' feature. Such a 
feature permits a person (user) having a telephone 
number (extension) within the voice dialing system, e. 
g., an employee, to forward his telephone calls, made 
to that number by a caller, to a remote location where 
he is present. In this way, a caller may reach that person 
seamlessly whether that person is at the original loca- 
tion of the number or at the remote location to which the 
number has been forwarded. 

[0003] However, it is also known that such a call for- 
warding feature may be abused by an unscrupulous 
system user. For instance, such a person may desire to 
talk with another party whose telephone is external to 
the voice dialing system, e.g., a phone connected to a 
public switching telephone network (PSTN). By the user 
forwarding his number to the desired partys' phone us- 
ing the follow-me feature of the voice dialing system, the 
user may then dial his own telephone number from any 
location which will result in his reaching the desired party 
at the phone where the users' number was forwarded. 
In this way, the user fraudulently causes the system to 
treat the call as if it were an system-internal call rather 
than an outside call to an outside party and thus cause 
the system to incur the total cost of the call. Also, the 
actual destination of the phone call (i.e., the remote lo- 
cation) may be masked from the system since the tele- 
phone number dialed to reach that destination is the in- 
ternal number of the system user. 
[0004] The present invention provides apparatus and 
methods for biometric identification and/or non-biomet- 
ric identification in order to deny use of a plurality of serv- 
ices by service users, as recited in the independent 
claims 1 and 9. The present invention also provides an 
apparatus for performing biometric identification and/or 
non-biometric identification in order to prevent a person 
from fraudulently using a company voice dialing system 
to make personal calls at the company's expense, as 
recited in independent claim 7. 
[0005] Advantageously, in this manner, the present in- 
vention provides for identifying a requester of the serv- 
ices as a user on a list of unauthorized users (i.e., a black 
list). Thus, the users on the black list are denied access 
to the service, or provided with a phone number to call 
instead of being connected, or transferred to an opera- 
tor, while any other user, not on the list, is permitted ac- 
cess. Accordingly, instead of having to identify and/or 
verify the actual identity of the requester, the present 
invention uniquely need only provide for identifying the 
requester as a person on the unauthorized users list. 



[0006] These and other features and advantages of 
the present invention will become apparent from the fol- 
lowing detailed description of illustrative embodiments 
thereof, which is to be read in connection with the ac- 
companying drawings. 

Figure 1 1s a block diagram of a voice dialing system 
according to the present invention; and 

Figure 2 is a flow chart of the call flow interaction 
between the voice dialing system and a user ac- 
cording to the present invention. 

[0007] Referring to Figure 1, a voice dialing system 
10 according to the present invention is shown. In such 
a preferred architecture, a database 12 and a biometric 
identification module 14 are operatively coupled to a 
network 16. An intelligent peripheral 18 is operatively 
coupled to the network 16 and to a private branch ex- 
change (PBX) 20 and to a centrex CO 22 of a telephone 
provider which, itself, is operatively coupled to a public 
switching telephone network (PSTN) 24. The PBX 20 is 
also operatively coupled to the centrex CO 22. It is to 
be appreciated that the voice dialing system 10 is pref- 
erably implemented in a corporate setting whereby the 
PBX 20 is a private telecommunications exchange on 
the corporation's premises which provides a switching 
facility for telephones on extension lines within the 
premises (internal phones) and access to the public tel- 
ephone network (external or outside phones), i.e., 
PSTN 24. Thus, telephones 26 and 28 are internal cor- 
porate phones of, for instance, employees, which are 
operatively coupled to the PBX 20. Such phones are 
said to be "behind - the PBX 20. On the other hand, tel- 
ephones 30 and 32 are telephones outside of the cor- 
porate premises, for instance, residences or other busi- 
nesses. It is to be understood that only a few telephones 
(internal phones 26 and 28 and external phones 30 and 
32) are shown in Figure 1 for the sake of simplicity; how- 
ever, the system of the invention is not so limited. Also, 
telephone 34, operatively coupled to the intelligent pe- 
ripheral 18, represents operator service in the voice di- 
aling system, as will be explained. 
[0008] Normal telephone operation flow through the 
system 10 will now be described. For incoming calls, for 
instance, from telephone 32 to telephone 28, a call is 
passed through PSTN 24, to the centrex CO 22, to the 
PBX 20, to telephone 28. For outgoing calls, for in- 
stance, from telephone 28 to telephone 32, a caller uti- 
lizes the voice dialing features of the system. For exam- 
ple, a caller will state a name and the system will dial 
the phone number of the person associated with that 
name. Specifically, the request goes through the PBX 
20, to the intelligent peripheral 18, through the network 
16, and in accordance with the identification module 14 
and database 12 as will be explained, the decision to 
connect the call back through the network and intelligent 
peripheral to the centrex CO 22 and the PSTN 24 to the 
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outside telephone 32 is made. Internal (extension to ex- 
tension calls) between telephones 26 and 28 are ac- 
complished internally through the PBX 20. 
[0009] However, it is to be appreciated that a voice 
dialing system may permit a user to access the system 5 
from external telephones 30 and 32, by stating the name 
of party to be reached, as explained above. When using 
an external phone, access may be facilitated by a toll- 
free service which further aggravates the problem of us- 
ers abusing a call forwarding feature, as will be ex- 
plained below. 

[0010] The voice dialing system 10 of the invention 
provides a call forwarding service or follow-me feature 
which is extremely useful to employees who are con- 
stantly mobile, that is, who travel and work away from 
the corporate premises during the course of the day 
With this feature, the employee may effectively transfer 
the telephone number associated with his internal cor- 
porate phone to an external phone at the location where 
he is working that day. Thus, when an outside caller or 
an internal caller attempts to reach the employee at his 
regular phone number, the call is forwarded to the tele- 
phone at the remote location where he is working. How- 
ever, as previously mentioned, conventional voice dial- 
ing systems which provide a similar call forwarding fea- 
ture as just described are susceptible to abuse. Such 
conventional systems permit a dishonest employee to 
forward his telephone number to an outside party with 
whom he desires to communicate. Once his phone 
number is transferred to the outside partys' phone, the 
employee may dial his own number from another inter- 
nal phone or an external phone and the call will be for- 
warded to the party he wishes to contact. In this way, 
the employee fraudulently causes the corporate voice 
dialing system to treat the call as if it were a system- 
internal call rather than an outside call to an outside par- 
ty and thus cause the system to incur the total cost of 
his personal call. Also, the actual destination of the 
phone call (i.e., the remote location of the outside party) 
is masked from the system since the telephone number 
dialed to reach that destination is the internal number of 
the employee. 

[0011] voice diajing systems may come in many 
forms. Traditional voice dialing includes enrollment of 
10-50 (or any number) of names and phone numbers 
and then a user states one of the enrolled names and 
is connected to the phone number associated with the 
enrolled name. Here, the issue of abusing the system is 
not controllable since the employee may change the 
phone number of any enrolled name and then call that 
name. But, in general, since the list of enrolled names 
is only accessible to that user, the operator of the intel- 
ligent peripheral is keenly aware of the costs associated 
with such users. Btometric speaker identification may be 
used here in addition to standard PIN (personal identi- 
fication number) codes, as will be explained, to guaran- 
tee that indeed it is the user that is making the call. 
[0012] Corporate voice dialers which have a pre-en- 



rolled list of all company contacts (employees, etc.), and 
internal and external users, use this service to transfer 
to a contact This service is particularly susceptible to 
abuse since the callers of the system are, in general, 
not identified since the set of callers may be the entire 
population. The user is allowed to change only his own 
record, i.e., a follow-me number, to facilitate access for 
callers of the system. 

[001 3] The voice dialing system 1 0 of the present in- 
vention, as exemplified in Figure 1 , prevents such abuse 
from occurring. The call forwarding abuse-prevention 
operation of the voice dialing system 10 will be ex- 
plained in conjunction with the call flow diagram shown 
in Figure 2. It is to be assumed that for the sake of the 
following explanation of the preferred operation that in- 
ternal phone 26 is the dishonest employees corporate 
phone and external phone 30 is the phone of the party 
the employee seeks to fraudulently reach at the remote 
location. 

[0014] The database 12 contains all the telephone 
numbers of the corporate employees who have the abil- 
ity to use the call forwarding service. Also pre-stored in 
the database 1 2 are acoustic models which are respec- 
tively representative of speech associated with each of 
the subject employees. Each telephone number is as- 
sociated with an acoustic model of the individual having 
that phone number or to an acoustic model representing 
a class of individuals who share similar acoustic char- 
acteristics. It is to be understood that the biometric iden- 
tification module 1 4 which is preferably a speech/speak- 
er recognition system generates the acoustic speech 
models. The module 14 may employ text-dependent or 
speaker-dependent identification technology as dis- 
closed in the text: Chin-Hui Lee et al. t "Automatic 
Speech and Speaker Recognition", Kluwer Academic 
Publisher, 1996. In such a case, enrollment (e.g., train- 
ing data) is obtained when the user is asked to enter his 
name, for instance, when the voice dialing system 
prompts him for his name when using a voice mail fea- 
ture. On the other hand, the module 14 may employ text- 
independent or speaker-independent identification 
technology as disclosed in U.S. Serial No. 08/788,471 
(docket no. Y0996-188) filed on January 28, 1997, en- 
titled: "Text-independent Speaker Recognition for Com- 
mand Disambiguity and Continuous Access Control". In 
this case, enrollment data is derived from previous us- 
age of the system by the user. 
[001 5] It is to be understood that the speaker identifi- 
cation module 14 and the database 12 may be imple- 
mented in hardware, software or a combination thereof. 
Preferably, the module 14 and database 12 are imple- 
mented in software executed on an appropriately pro- 
grammed general purpose digital computer. It is to be 
further understood that the other functional features as- 
sociated with the voice dialing system of the invention 
may be implemented by module 1 4 and database 1 2 or 
by separate modules and databases on the same ap- 
propriately programmed computer. 
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[0016] Accordingly, the system operates as follows. 
The dishonest employee forwards his telephone 
number, associated with his internal phone 26. to the 
outside partys* external phone 30 in a manner that is 
known in standard voice dialing systems. Next, the em- 
ployee dials his own phone number from, for instance, 
internal phone 28 (step 100 of Fig. 2). The employee 
states his name at the request of the system (step 1 02 
of Fig. 2). 

[001 7] The speaker identification module 1 4 receives 
the speech sample, provided by the employee stating 
his name, via the PBX 20, the intelligent peripheral 18 
and the network 16. The intelligent peripheral 18 is pref- 
erably a device identified as a DirectTalk 6000 manufac- 
tured by IBM Corp. Further, the network 16 is preferably 
a local area network (LAN) and, preferably, a token-ring 
LAN. The speaker identification module 1 4 decodes the 
speech sample, in a known manner, and then compares 
the decoded speech sample with the acoustic model 
pre-stored in database 1 2 which corresponds to the tel- 
ephone number dialed in step 100 (step 104 of Fig. 2). 
If the decoded speech sample is substantially close the 
acoustic model (using comparison methods known to 
one of ordinary skill in the art of speech/speaker recog- 
nition), then it is determined that the speaker is the em- 
ployee who is associated with the number dialed (step 
106 of Fig. 2). Since, the likely reason for the employee 
to be dialing his own number from another internal 
phone is to fraudulently reach the outside party at phone 
30, the voice dialing system terminates the call (step 1 08 
of Fig. 2) or provides the employee with a phone number 
to dial to receive a directory assistance function. Thus, 
the dishonest employee is prevented from attempting to 
defraud the company for the cost of his personal calls. 
[001 8] In the event that a legitimate reason may arise 
that would necessitate an employee dialing his own ex- 
tension (e.g., checking his voice mail), the preferred sys- 
tem may include an operator 34 (Fig. 1) to whom the 
employee would be transferred to if a match occurred 
in step 104 or the system may provide the employee 
with a phone number to dial to receive a directory as- 
sistance function. The operator 34 would then permit or 
deny the employee to continue the call. Of course on 
the other hand, if there is no substantial match between 
the decoded speech sample and the acoustic model, 
then the call is put through to the outside party (step 110 
of Fig. 2). 

[001 9] It is to be understood that the present invention 
is not limited to speaker identification technology. Any 
type of biometric measure may be used to perform the 
identification. For example, such biometric attributes as 
fingerprints (obtained with a flat bed scanner), face rec- 
ognition, iris recognition, signature recognition, hand 
geometry, face temperature infrared pattern or any com- 
bination thereof may be used. It is to be appreciated that 
the above list is not intended to be exhaustive, rather, 
other types of biometric attributes may be employed. For 
that matter, it is to be understood that non-biometric at- 



tributes may be employed in addition to or in place of 
biometric attributes. For instance, conventional non-bi- 
ometric attributes such as passwords, PINs, smart- 
cards, digital signatures, etc., may be used. It is to be 

s appreciated that when non-biometric attributes are 
used, the biometric identification module 14 is not used, 
in that, the comparison of the non-biometric attribute (e. 
g., PIN) to the associated telephone number may be 
done by the intelligent peripheral 18 in cooperation with 

10 the database 12. 

[0020] In general, during enrollment, the necessary 
biometric measures are taken for all the members of a 
black list. In a corporate environment, this means that 
all employees are enrolled and different black lists are 

is built for different services based on, for example, a pre- 
determined service participation schedule. During use, 
the biometrics measured when the service is requested 
are compared one by one with the biometrics stored on 
the black list in the database. When there is no close 

20 enough match, the service is granted. When there is a 
close enough match, service is denied and/or the re- 
quest is forwarded to the operator. Such embodiments 
differ slightly from the previously explained preferred 
embodiment with respect to the comparison step in that 

2S the former embodiment merely compares a decoded 
speech sample (or other biometric measure) with one 
acoustic (biometric) model, i.e., the model associated 
with the phone number dialed, while the latter embodi- 
ments use the obtained voice sample (or other biometric 

30 measure) and compare it with all models in the black list 
for the particular service requested. 
[0021] Other applications of the present invention 
may, for example, include: control of jury access to out- 
side resources, prisoner access, control of child access 

35 to TV channels or computer internet web sites. Given 
the teachings of the invention, one of ordinary skill in the 
art will appreciate various other applications not explic- 
itly mentioned herein. 

[0022] In summary, provided is an apparatus for pre- 

40 venting unauthorized use of a voice dialing system and, 
particularly, a call forwarding feature associated with the 
system whereby system users may forward a telephone 
number respectively associated therewith to a remote 
location in order to receive phone calls at the remote 

45 location, comprises: a database for pre-storing tele- 
phone numbers of system users and for pre-storing 
acoustic models respectively representative of speech 
associated with each system user, the acoustic models 
respectively corresponding to the telephone numbers; 

so and a speaker identification module operatively coupled 
to the database for obtaining and decoding a speech 
sample from a potential system user during the potential 
users' attempt to make a telephone call, the speaker 
identification module comparing the decoded speech 

ss sample obtained with the pre-stored acoustic model as- 
sociated with the telephone number dialed by the po- 
tential user; whereby if the decoded speech sample sub- 
stantially matches the pre-stored acoustic model, then 
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the phone call attempted by the potential user is termi- 
nated. 



Claims 

1. Apparatus for identifying service users in order to 
prevent unauthorized use of a plurality of services 
by service users, the apparatus comprising: 

means for pre-storing one of a biometric at- 
tribute and a non-biometric attribute of at least 
a representative portion of the service users, 
the pre-storing means partitioning the pre- 
stored attributes into groups according to a pre- 
determined service participation schedule with 
respect to the plurality of services; 

means for obtaining one of the biometric at- 
tribute and the non-biometric attribute from a 
potential user during the potential users' at- 
tempt to access the service; and 

means for comparing one of the obtained bio- 
metric attribute and the obtained non-biometric 
attribute with one of the pre-stored biometric at- 
tributes and the pre-stored non-biometric at- 
tributes within the groups; 

whereby if one of the obtained biometric at- 
tribute and the obtained non-biometric attribute 
substantially matches one of a pre-stored bio- 
metric attribute and a pre-stored non-biometric 
attribute within one of the groups, then the ap- 
paratus denies the potential user access to the 
Particular service associated with the group 
containing the match. 

2. The apparatus of Claim 1 , wherein the at least one 
biometric attribute is speech and the obtaining 
means and comparing means include portions of a 
speaker identification module. 

3. The apparatus of Claim 2, wherein the speaker 
identification module is text-independent whereby 
the at least one biometric attribute is representative 
of a class of service users. 

4. The apparatus of Claim 1, wherein the groups of 
attributes partitioned by the pre-storing means are 
groups of users not authorized to access the service 
associated with the group. . 

5. Apparatus for preventing unauthorized use of a 
voice dialing system and, particularly, a call for- 
warding feature associated with the system where- 
by system users may forward a telephone number 
respectively associated therewith to a remote loca- 



tion in order to receive phone calls at the remote 
location, the apparatus comprising: 

a database for pre-storing telephone numbers 
5 of system users and for pre-storing acoustic 

models respectively representative of speech 
associated with each system user, the acoustic 
models respectively corresponding to the tele- 
phone numbers; and 

10 

a speaker identification module operatively 
coupled to the database for obtaining and de- 
coding a speech sample from a potential sys- 
tem user during the potential users 1 attempt to 
is make a telephone call, the speaker identifica- 

tion module comparing the decoded speech 
sample obtained with the pre-stored acoustic 
model associated with the telephone number 
dialed by the potential user; 

20 

whereby if the decoded speech sample sub- 
stantially matches the pre-stored acoustic mod- 
el, then the phone call attempted by the poten- 
tial user is terminated. 

25 

6. The apparatus of Claim 5, wherein the speaker 
identification module is text-independent. 

7. A method of identifying service users in order to pre- 
30 vent unauthorized use of a plurality of services by 

service users, the apparatus comprising: 

(a) pre-storing one of a biometric attribute and 
a non-biometric attribute of at least a represent- 

35 ative portion of the service users; 

(b) partitioning the pre-stored attributes into 
groups according to a predetermined service 
participation schedule with respect to the plu- 

40 rality of services; 

(c) obtaining one of the biometric attribute and 
the non-biometric attribute from a potential user 
during the potential users' attempt to access 

45 the service; and 

(d) comparing one of the obtained biometric at- 
tribute and the obtained non-biometric attribute 
with one of the pre-stored biometric attributes 

so and the pre-stored non-biometric attributes 

within the groups; 

whereby if one of the obtained biometric at- 
tribute and the obtained non-biometric attribute 
ss substantially matches one of a pre-stored biometric 
attribute and a pre-stored non-biometric attribute 
within one of the groups, then the apparatus denies 
the potential user access to the particular service 
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associated with the group containing the match. 

8. The method of Claim 7, wherein the at least one 
biometric attribute is speech and the obtaining and 
comparing steps are performed by a speaker iden- 
tification module. 

9. The apparatus of Claim 7, wherein the speaker 
identification module is text-independent whereby 
the at least one biometric attribute is representative 
of a class of service users. 

10. The method of Claim 7, wherein the groups of at- 
tributes partitioned in the partitioning step are 
groups of users not authorized to access the service 
associated with the group. 
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